1. Field of the Invention
The present invention is in the field of digital rights management and, particularly, relates to the protection of premium content such as blockbuster movies and other copyright protected content from being openly decoded on a computer such as a personal computer.
2. Description of Related Art
Personal computers are inherently insecure, because the software and hardware they are based on can be exchanged and extended freely, allowing a number of attack points to hackers and who else might want to get access to copy protected material.
On the other hand, this open architecture is exactly what has made the personal computer the success it has today.
Recently, efforts haven been made to thwart this open architecture in favor of a controlled environment in which copy protected material can be processed without exposing unencrypted data to the user. This requires considerable efforts that are both expensive and uncomfortable for the user experience.
Users will feel that they cannot decide freely what to do with their computers any more.
Nevertheless, the open nature of PC software still does not guarantee that by exploiting programming errors or utilizing holes in the security of the software that is used to create such a secure environment it is not possible to defeat the security built into such a controlled environment.
In the art, there exist a number of well-known content protection systems such as VCPS (VCPS=Video Content Protection System), CSS (CSS=Content Scramble System), or AACS (AACS=Advanced Access Content System).
Specifications for these systems are available in the internet. For example, the AACS system can be studied by referencing two “Advanced Access Content System (AACS), Introduction and Common Cryptographic Elements”, Preliminary Draft, Revision 0.90, Apr. 14, 2005, available via “www.AACSLA.com/specifications”. The same link provides access to two further AACS documents. These are “Advanced Access Content System (AACS), Recordable Video Book”, Revision 0.90, Apr. 14, 2005, or “Advanced Access Content System (AACS), Pre-Recorded Video Book”, Revision 0.90, Apr. 14, 2005.
AACS allows an encryption of all available content using an AES-128-bits-encryption algorithm. Furthermore, this system allows license key management, which means that even “protected” copies can be generated having a limited replay capability. Furthermore, license keys can be revoked, when it becomes known that certain players have been compromised in a non-legal way.
Thus, the advanced access content system specification defines an advanced and robust and renewable method for protecting audiovisual entertainment content, including high-definition content.
A problem of the application of all these well-known and cryptographically elaborate approaches is that, when those protocols are applied to personal computer systems, there exist several points of attack, which are not available when this scheme is applied within a player or even in a single chip. When, however, a computer system is considered, which includes an optical disk drive, a personal computer system having a main bus, to which the optical disk drive is connected, and having an output interface including a graphics adapter card and a connected display, the attacker has several possibilities to break the system.
Recently, the high definition multimedia interface (HDMI) has been developed, which provides a transmission of digital data from the graphics card to the display. However, in order to make sure that this digital data cannot simply be recorded, the digital data is encrypted before being output by the graphics card and is decrypted within the display device so that a hacker can only log encrypted data by observing the data connection between the graphics card and the display device.
On the other hand, there exist many well-known cryptographic protocols for establishing a secure connection between a first device and a second device such as the optical disk drive and the computer CPU. Such cryptographic protocols are illustrated in the “Handbook of Applied Cryptography”, CRC Press, 1996. A well-known protocol is the Diffie-Hellman Exchange. Such protocols make sure that two parties can agree upon a communication key and can use this key for encrypting traffic between those parties without transmitting the key itself.
Therefore, also the traffic between the disk drive and the computer can be encrypted and, therefore, protected against un-authorized access.
However, an important point of attack remains, since the computer performs the cryptographic protocols in software on the general-purpose CPU. All actions performed by the CPU are, therefore, publicly available and are accessible so that all cryptographic protocols would not defeat attacks when they were implemented without a certain secure environment available on the personal computer itself. Such environments are known under the term “trusted platform module”. Such a secure area on the computer would, however, contradict the open architecture philosophy for personal computers. Compromising this open architecture philosophy will result in a decreased flexibility of the whole system and, therefore, will end up in a decreased market acceptance of such a system. This is not acceptable for manufacturers due to the high-volume computer market.